Vince Security Vulnerabilities and Issues — Vince CVE List

Lucene search

CertVince

2 matches found

CVE•added 2022/10/10 8:15 p.m.•40 views

CVE-2022-40248

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field.

5.4CVSS5.4AI score0.00144EPSS

CVE•added 2022/10/10 8:15 p.m.•35 views

CVE-2022-40257

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

5.4CVSS5.3AI score0.00134EPSS